rpm package
suse/openvswitch&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/openvswitch&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4338 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Jan 10, 2023 | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2022-4337 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Jan 10, 2023 | An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2022-32166 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Sep 28, 2022 | In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo | ||
| CVE-2021-36980 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Jul 20, 2021 | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | ||
| CVE-2020-27827 | — | < 2.8.10-4.23.1 | 2.8.10-4.23.1 | Mar 18, 2021 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||
| CVE-2020-35498 | — | < 2.8.10-4.26.1 | 2.8.10-4.26.1 | Feb 11, 2021 | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest |
- CVE-2022-4338Jan 10, 2023affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2022-4337Jan 10, 2023affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2022-32166Sep 28, 2022affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo
- CVE-2021-36980Jul 20, 2021affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
- CVE-2020-27827Mar 18, 2021affected < 2.8.10-4.23.1fixed 2.8.10-4.23.1
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
- CVE-2020-35498Feb 11, 2021affected < 2.8.10-4.26.1fixed 2.8.10-4.26.1
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest